Title: chipx's Replies | WordPress.org

---

# chipx

  [  ](https://wordpress.org/support/users/chipx/)

 *   [Profile](https://wordpress.org/support/users/chipx/)
 *   [Topics Started](https://wordpress.org/support/users/chipx/topics/)
 *   [Replies Created](https://wordpress.org/support/users/chipx/replies/)
 *   [Reviews Written](https://wordpress.org/support/users/chipx/reviews/)
 *   [Topics Replied To](https://wordpress.org/support/users/chipx/replied-to/)
 *   [Engagements](https://wordpress.org/support/users/chipx/engagements/)
 *   [Favorites](https://wordpress.org/support/users/chipx/favorites/)

 Search replies:

## Forum Replies Created

Viewing 15 replies - 1 through 15 (of 45 total)

1 [2](https://wordpress.org/support/users/chipx/replies/page/2/?output_format=md)
[3](https://wordpress.org/support/users/chipx/replies/page/3/?output_format=md) 
[→](https://wordpress.org/support/users/chipx/replies/page/2/?output_format=md)

 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[WooCommerce] Inbox & Stats failed to load resource – status 524](https://wordpress.org/support/topic/inbox-stats-failed-to-load-resource-status-524/)
 *  Thread Starter [chipx](https://wordpress.org/support/users/chipx/)
 * (@chipx)
 * [4 years, 8 months ago](https://wordpress.org/support/topic/inbox-stats-failed-to-load-resource-status-524/#post-15034799)
 * I’ve changed the status thanks.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[WooCommerce] Inbox & Stats failed to load resource – status 524](https://wordpress.org/support/topic/inbox-stats-failed-to-load-resource-status-524/)
 *  Thread Starter [chipx](https://wordpress.org/support/users/chipx/)
 * (@chipx)
 * [4 years, 8 months ago](https://wordpress.org/support/topic/inbox-stats-failed-to-load-resource-status-524/#post-15034794)
 * [@rainfallnixfig](https://wordpress.org/support/users/rainfallnixfig/) can you
   undo marking this as Resolved please. Because it isn’t.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[WooCommerce] Inbox & Stats failed to load resource – status 524](https://wordpress.org/support/topic/inbox-stats-failed-to-load-resource-status-524/)
 *  Thread Starter [chipx](https://wordpress.org/support/users/chipx/)
 * (@chipx)
 * [4 years, 8 months ago](https://wordpress.org/support/topic/inbox-stats-failed-to-load-resource-status-524/#post-15034787)
 * [@rainfallnixfig](https://wordpress.org/support/users/rainfallnixfig/) … thanks…
   but this is my ticket and no that didn’t resolve the issue.
    -  This reply was modified 4 years, 8 months ago by [chipx](https://wordpress.org/support/users/chipx/).
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[WooCommerce] Inbox & Stats failed to load resource – status 524](https://wordpress.org/support/topic/inbox-stats-failed-to-load-resource-status-524/)
 *  Thread Starter [chipx](https://wordpress.org/support/users/chipx/)
 * (@chipx)
 * [4 years, 8 months ago](https://wordpress.org/support/topic/inbox-stats-failed-to-load-resource-status-524/#post-14999908)
 * Thanks for the reply. No we don’t have that installed on our site.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[WooCommerce] Error: “There was an error getting your inbox.”](https://wordpress.org/support/topic/error-there-was-an-error-getting-your-inbox/)
 *  [chipx](https://wordpress.org/support/users/chipx/)
 * (@chipx)
 * [4 years, 8 months ago](https://wordpress.org/support/topic/error-there-was-an-error-getting-your-inbox/page/3/#post-14998203)
 * [@mirko](https://wordpress.org/support/users/mirko/) P. I’ve created my own thread
   here with the same issue:
 * [https://wordpress.org/support/topic/inbox-stats-failed-to-load-resource-status-524/](https://wordpress.org/support/topic/inbox-stats-failed-to-load-resource-status-524/)
 *   Forum: [Reviews](https://wordpress.org/support/forum/reviews/)
    In reply to:
   [[Payment Plugins Braintree For WooCommerce] This plugin should include reCAPTCHA to help prevent credit card bot attacks.](https://wordpress.org/support/topic/this-plugin-is-insecure-from-credit-card-bot-attacks/)
 *  Thread Starter [chipx](https://wordpress.org/support/users/chipx/)
 * (@chipx)
 * [6 years, 4 months ago](https://wordpress.org/support/topic/this-plugin-is-insecure-from-credit-card-bot-attacks/#post-12513869)
 * It’s not an excuse. It’s a statement of events. I have also seen the wording 
   you refer to in your plugin settings when I reviewed all the security in January.
 * I want to be clear. I’m not putting responsibility for this hack on you and your
   plugin. I know I have a part to play in this. So does Braintree, it’s negligent
   of them to have taken as long as they did to recognise the activity as fraudulent.
 * And my point about reCAPTCHA is that Braintree has stated it’s a requirement 
   in writing to me. I’m happy to forward that onto you, since apparently it’s a
   standard they haven’t documented publicly and a change in policy since January.
   Braintree told me the implementation of your/their plugin was insecure, and to
   secure it they stated it needed reCAPTCHA and nothing else would be appropriate…
   they didn’t even list the Advanced Fraud Tools as a requirement to stop this 
   kind of attack, which is at odds with your information above. They should have
   made that a requirement based on your conversations with them, and they should
   be making you add reCAPTCHA based on their communication with me.
 *   Forum: [Reviews](https://wordpress.org/support/forum/reviews/)
    In reply to:
   [[Payment Plugins Braintree For WooCommerce] This plugin should include reCAPTCHA to help prevent credit card bot attacks.](https://wordpress.org/support/topic/this-plugin-is-insecure-from-credit-card-bot-attacks/)
 *  Thread Starter [chipx](https://wordpress.org/support/users/chipx/)
 * (@chipx)
 * [6 years, 4 months ago](https://wordpress.org/support/topic/this-plugin-is-insecure-from-credit-card-bot-attacks/#post-12513510)
 * I never questioned they quality of your support. It’s always been highly responsive
   and useful.
 * Advanced Fraud Tools weren’t available when we first setup our merchant account
   with Braintree and installed your plugin. It looks like the relationship with
   Kount was announced after that, and the communication makes it look like an optional
   purchasable extra. All of the other suggested security measures were put in place
   as per the documentation available at the time. The initial email from Braintree
   telling us about the attacks, and the steps we had to take to reactivate our 
   merchant account, also never mentioned the Advanced Fraud Tools. I found those
   myself and have since activated them. I can’t find any historical communication
   about those tools becoming available with a suggestion that they should be implemented.
   This is after it took them 24 hours to identify fraudulent attempts were being
   made on their/your CC form (It’s not our form… that’s the whole point of using
   a SAQ A PCI Compliant credit card form).
 * It’s interesting that 7 days after this incident occurred Braintree sent our 
   a bulk email notifying it’s users that it was applying a default set of fraud
   tool settings to everyone’s accounts… frankly, an admission that their base security
   settings weren’t adequate.
 * The primary reason for this review is the lack of inclusion of reCAPTCHA. The
   addition of that to the form specifically was a firm requirement by Braintree.
   Your plugin presents itself as an official Braintree plugin from the Plugin Homepage
   link. In addition I have an email from Braintree stating they would be forwarding
   the request to add reCAPTCHA to the plugins’ form. I don’t see any reference 
   in your documentation stating a 3rd party plugin should be used to protect your
   credit card form. Given that it’s apparently a requirement to have a Braintree
   merchant account, it’s surprising this isn’t mentioned in your plugin documentation
   nor in the Braintree Getting Started guide or Braintree onboarding process.
 * I had already reviewed all the transactions and the raw access logs on our server.
   The bot was trawling through the site adding products to the cart, then proceeding
   to the checkout page and trying randomised card details repeatedly. The attack
   came from an IP address in Israel. I actually thought I had blocked payments 
   from countries outside of Australia and New Zealand, but I’ve just blocked shipping.
   That setting is something that is available on a separate payment gateway on 
   a website I’m involved in.
 * So far as the publicly available fees information regarding NAB. It’s buried 
   in documentation and certainly not made clear during the signup phase or clear
   on the main Braintree website.
 * In addition it’s really not that clear since this plugin was made free if it 
   is part of Braintree or not. paymentplugins.com no longer loads and the official
   documentation page is branded as Braintree.
 * Just an FYI, not that it affects you, this incident has been reported to CERT
   NZ and after their review they’ve forwarded it onto the Cybercrimes unit of the
   New Zealand Police. So hopefully NAB will step up to the plate. And hopefully
   this plugins’ documentation and that of Braintree’s can be improved to make these
   requirements more clear for others moving forward.
 * [@benbrooklyn](https://wordpress.org/support/users/benbrooklyn/) thanks for your
   opinion…. every review on the planet, in their very nature is biased. You are
   clearly totally on top of your security on your website, well done, I hope you
   never get ripped off by some low life scum with nothing better to do in their
   lives than impart misery onto others.
    -  This reply was modified 6 years, 4 months ago by [chipx](https://wordpress.org/support/users/chipx/).
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[WOOF by Category] latest WooCommerce unknown compatibility – WOOF by Category Plugin](https://wordpress.org/support/topic/latest-woocommerce-unknown-compatibility-woof-by-category-plugin/)
 *  [chipx](https://wordpress.org/support/users/chipx/)
 * (@chipx)
 * [8 years, 5 months ago](https://wordpress.org/support/topic/latest-woocommerce-unknown-compatibility-woof-by-category-plugin/#post-9961600)
 * Yeah… you’re doing it better than the plugin authors with unknown being reported
   as their status.
 * Thanks for checking in and giving us more information.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[WOOF by Category] latest WooCommerce unknown compatibility – WOOF by Category Plugin](https://wordpress.org/support/topic/latest-woocommerce-unknown-compatibility-woof-by-category-plugin/)
 *  [chipx](https://wordpress.org/support/users/chipx/)
 * (@chipx)
 * [8 years, 5 months ago](https://wordpress.org/support/topic/latest-woocommerce-unknown-compatibility-woof-by-category-plugin/#post-9961399)
 * Hi [@mksnmks](https://wordpress.org/support/users/mksnmks/)
 * Most have been updated now… there were 3 or 4 others that were displaying a message
   here but have since been updated via the plugins page or manually… it annoys 
   the hell out of me that some plugin developers don’t notify of updates via email
   and don’t post updates via the wordpress.org platform.
 * In any case these are the remaining ones:
 * Plugin **Tested up to WooCommerce version**
    Braintree For WooCommerce Pro **
   3.2.6** WOOF by Category **3.2** Product CSV Import Export **unknown** SKU Error
   Fixer for WooCommerce **unknown** WooCommerce Colors **unknown** WooCommerce 
   New Zealand Post Shipping Method PRO **unknown** Yoast SEO: WooCommerce **unknown**
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[WOOF by Category] latest WooCommerce unknown compatibility – WOOF by Category Plugin](https://wordpress.org/support/topic/latest-woocommerce-unknown-compatibility-woof-by-category-plugin/)
 *  [chipx](https://wordpress.org/support/users/chipx/)
 * (@chipx)
 * [8 years, 5 months ago](https://wordpress.org/support/topic/latest-woocommerce-unknown-compatibility-woof-by-category-plugin/#post-9961099)
 * Hi there,
 * The same thing is happening for Woocommerce 3.3 now.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[WooCommerce Colors] Unsupported in Woocommerce 3.3](https://wordpress.org/support/topic/unsupported-in-woocommerce-3-3/)
 *  Thread Starter [chipx](https://wordpress.org/support/users/chipx/)
 * (@chipx)
 * [8 years, 5 months ago](https://wordpress.org/support/topic/unsupported-in-woocommerce-3-3/#post-9961095)
 * Maybe all it requires is a small update to support woo’s new checks and a version
   bump?
 *   Forum: [Reviews](https://wordpress.org/support/forum/reviews/)
    In reply to:
   [[Social Slider Feed – Social Media Feed & Gallery Widgets] No longer working](https://wordpress.org/support/topic/no-longer-working-86/)
 *  Thread Starter [chipx](https://wordpress.org/support/users/chipx/)
 * (@chipx)
 * [8 years, 6 months ago](https://wordpress.org/support/topic/no-longer-working-86/#post-9860220)
 * Thanks for fixing it. I got impatient though and ended up installing a paid plugin.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[SVG Support] failed to open stream – I/O warning – wrapper is disabled](https://wordpress.org/support/topic/failed-to-open-stream-i-o-warning-wrapper-is-disabled/)
 *  Thread Starter [chipx](https://wordpress.org/support/users/chipx/)
 * (@chipx)
 * [8 years, 6 months ago](https://wordpress.org/support/topic/failed-to-open-stream-i-o-warning-wrapper-is-disabled/#post-9856885)
 * We love what your plugin does for our website, so we really hope you do find 
   a solution. But given it’s an eCommerce site, I really can’t justify enabling
   allowing `allow_url_fopen`. So for now it’s disabled.
 * I would test again with the log enabled, but the issue only occurred when we 
   had incorrectly imported product feature image references… so the Media library
   had image references, but no file existed in the path specified. So when the 
   attachment modal window was open while trying to add media, the thumbnails wouldn’t
   load at all, because the files didn’t exist. And I suppose it would just keep
   trying.. and the connections would stack up until they either timed out, or the
   max number of attempts was reached. The effect was when the DB connection limit
   was exceeded, any new media file uploads would fail, and some admins pages would
   fail to load with DB access errors. It’s kind of a rare scenario really, but 
   born from trying to upload thousands of products to woocommerce from configured
   spreadsheets converted to CSV files… all it takes is a typo in an excel formula,
   and you trash a bunch of references, or create a bunch of bogus data. Fortunately,
   we only had 8 pages of bogus SVG images to remove from the media library… it 
   would have sucked if there were hundreds of pages.
 *   Forum: [Plugins](https://wordpress.org/support/forum/plugins-and-hacks/)
    In
   reply to: [[SVG Support] failed to open stream – I/O warning – wrapper is disabled](https://wordpress.org/support/topic/failed-to-open-stream-i-o-warning-wrapper-is-disabled/)
 *  Thread Starter [chipx](https://wordpress.org/support/users/chipx/)
 * (@chipx)
 * [8 years, 6 months ago](https://wordpress.org/support/topic/failed-to-open-stream-i-o-warning-wrapper-is-disabled/#post-9856765)
 * It seems that enabling allow_url_fopen gets rid of the simplexml_load_file() 
   warnings… which is far from ideal. Do you have any suggestions on how to get 
   rid of them without enabling that please?
 * Secondly…
 * Also, it looks like you should put an error trap in your code for if the image
   file is missing from the filestore. Currently it appears the way your plugin 
   behaves, it starts to hammer the database with requests, resulting in it exceeding
   the connection limit of the DB.
 * [See this log…](https://www.dropbox.com/s/wrd8l73zs9x8gjk/debug-copy-forSVGdev.log?dl=0)
 * As soon as we got rid of all the image references to SVG files that didn’t exist,
   all the connection errors disappeared.
 * I could be wrong about it being your plugin exceeding the DB connection limit,
   but it seems like it, and it’s probably worth investigating at your end.
 *   Forum: [Fixing WordPress](https://wordpress.org/support/forum/how-to-and-troubleshooting/)
   
   In reply to: [Uploading media error (wordpress 4.9)](https://wordpress.org/support/topic/uploading-media-error-wordpress-4-9/)
 *  [chipx](https://wordpress.org/support/users/chipx/)
 * (@chipx)
 * [8 years, 6 months ago](https://wordpress.org/support/topic/uploading-media-error-wordpress-4-9/#post-9840749)
 * Same issue here… not signs of errors in the logs. I’m running 4.9.1.

Viewing 15 replies - 1 through 15 (of 45 total)

1 [2](https://wordpress.org/support/users/chipx/replies/page/2/?output_format=md)
[3](https://wordpress.org/support/users/chipx/replies/page/3/?output_format=md) 
[→](https://wordpress.org/support/users/chipx/replies/page/2/?output_format=md)